CLAIMS 

WJ*m is claimed is: 

1 / I. A method of establishing a secure wireless communications channel between an 

2 access point and a station, the channel being encrypted with a channel key, the method 

3 comprising: 

4 sending, by the station to the access point, a request for a security preference for 

5 the access point; 

6 sending, by the access point to the station, the security preference in response to 

7 the request when the access point can support the channel; 

8 generating, by the station, authentication information using a first key when the 

9 security preference is shared key; 

10 sending, by the station to the access point, the authentication information; 

1 1 validating, by the access point, the station using the authentication information; 

12 encrypting, by the access point, the channel key using a second key when the 

13 station is validated; 

14 sending, by the access point to the station, the encrypted channel key; 

15 decrypting, by the station, the channel key in response to receiving the encrypted 

16 channel key; and 

17 sending, by the station to the access point, data encrypted with the channel key to 

18 establish the channel. 
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1 2. The method of claim 1, wherein the first and second keys are a self-distributed 

2 key. 

1 3. The method of claim 2, further comprising: 

2 generating, by the access point, the self-distributed key using a security algorithm 

3 when the security preference is shared key; 

4 generating, by the station and sending to the access point, a first value using the 

5 security algorithm in response to receiving the security preference of shared key; 

6 generating, by the access point, and sending to the station, a second value using 

o 

; n 7 the security algorithm and the first value in response to receiving the first value; and 

111 8 calculating, by the station, the self-distributed key using the security algorithm and 

JB 9 the second value in response to receiving the second value. 

^ 1 4. The method of claim 3, wherein the security algorithm is g n mod p and further 

P 

|lj 2 comprising: 

□ 3 obtaining, by the access point, integers x, g and p to generate the self-distributed 

4 key k = g x mod p \ 

5 obtaining, by the station, the integers g and p, and an integer y to generate the first 

6 value Y = g* mod p\ 

7 generating, by the access point, the second value X = Y x mod p; and 

8 setting, by the station, z equal to y 1 to calculate the self-distributed key 

9 k = X z modp. 
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5. The method of claim 4 wherein obtaining, by the station, the integers g and p 
comprises: 

sending, by the access point to the station, the integers for g and p. 

6. The method of claim 5, wherein the integers for g and p are sent to the station 
when the security preferences are sent by the access point. 

7. The method of claim 5, wherein the integers for g and p are sent to the station 
when a user name and password for the station are registered with the access point. 

8. The method of claim 4 further comprising: 

publishing, by the access point, the integers g and p for a set of stations. 

9. The method of claim 2 further comprising: 

encrypting, by the station, a name and password with the first key to generate the 
authentication information; and 

decrypting, by the access point, the name and password to validate the station. 

10. The method of claim 2 further comprising: 

sending, by the access point to the station, a challenge; 

encrypting, by the station, the challenge with the first key to generate the 
authentication information; 

encrypting, by the access point, the challenge with the first key; and 
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comparing, by the access point, the authentication information with the challenge 
encrypted by the access point with the first key to validate the station. 

11. The method of claim 1, wherein the first key is a public key of a public-private 
key pair for the access point, and the second key is a public key of a public-private key 
pair for the station. 

12. The method of claim 1 1 further comprising: 

sending, by the access point to the station, the first key; and. 
sending, by the station to the access point, the second key. 

13. The method of claim 12, wherein the second key is sent to the access point when 
the request for the security preference is sent by the station. 

14. The method of claim 12, wherein the first key is sent to the station when the 
security preference is sent by the access point. 

15. The method of claim 1, wherein establishing the channel creates a standard wired 
equivalent privacy (WEP) network, and the station and the access point exchange 
messages conforming to a format required by the standard that defines a WEP network to 
establish the WEP network. 



6. A method for connecting a station to a secure wireless network comprising: 
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2 sending a request for a security preference to an access point for the secure 

3 wireless network; 

4 generating authentication information for the station when the station receives a 

5 security preference specifying shared key from the access point; 

6 sending the authentication information to the access point; 

7 decrypting a channel key in response to receiving an encrypted channel key from 

8 the access point; and 

9 sending data encrypted with the channel key to the access point. 



1 17. The method of claim 16 further comprising: 

1 generating a first value using a security algorithm in response to receiving the 

2 security preference specifying shared key from the access point; 

3 calculating a self-distributed key using the security algorithm and a second value 

4 in response to receiving the second value from the access point; and 

5 using the self-distributed key to generate the authentication information and to 

6 decrypt the encrypted channel key. 



1 18. The method of claim 17, wherein the security algorithm is formulated as g n mod p 

2 and further comprising: 

3 obtaining integers for y, g and p to generate the first value Y = mod p\ and 
1 setting z equal to y 1 to calculate the self-distributed key k = X s mod p. 



1 



19. The method of claim 16 further comprising: 
004860. P2436 -27- 



2 using a first key to generate the authentication information; and 

3 using a second key to decrypt the encrypted channel key. 

1 20. The method of claim 19, wherein the first key is a public key of a public-private 

2 key pair for the access point, and the second key is a private key of a public-private key 

3 pair for the station. 

1 2^ A method of securing a wireless network at an access point comprising: 

2 sending a security preference in response to a request from a station; 

D 

J 3 validating the station in response to receiving authentication information from the 

111 4 station; 

ffl 5 encrypting a channel key when the station is validated; 

^ 6 sending the encrypted channel key to the station; and 

ip 7 sending data encrypted with the channel key to the station. 

O 1 22. The method of claim 21 further comprising: 

2 generating a self-distributed key using a security algorithm when the security 

3 preference is shared key; 

4 generating a second value using the security algorithm and a first value in 

5 response to receiving the first value from the station; and 

6 sending the second value to the station. 
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1 23. The method of claim 22, wherein the security algorithm is formulated as g n mod p 

2 and further comprising: 

3 obtaining integers jc, g and p to generate the self-distributed key k = g x mod p\ and 

4 generating the second value X = Y x mod p. 

1 24. The method of claim 21 further comprising: 

1 using a first key to evaluate the authentication information; and 

2 using a second key to encrypt the encrypted channel key. 

1 25. The method of claim 24, wherein the first key is a private key of a public-private 

2 key pair for the access point, and the second key is a public key of a public-private key 

3 pair for the station. 

1 A computer-readable medium having stored thereon executable instructions to 

2 cause a processor to perform a station method to connect to a secure wireless network, the 

3 instructions comprising: 

4 sending a request for a security preference to an access point for the secure 

5 wireless network; 

6 generating authentication information for the station when the station receives a 

7 security preference specifying shared key from the access point; 

8 sending the authentication information to the access point; 

9 decrypting a channel key in response to receiving an encrypted channel key from 
10 the access point; and 
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1 1 sending data encrypted with the channel key to the access point. 

1 27. The computer-readable medium of claim 26 having further instructions 

2 comprising: 

1 generating a first value using a security algorithm in response to receiving the 

2 security preference specifying shared key from the access point; 

3 calculating a self-distributed key using the security algorithm and a second value 

4 in response to receiving the second value from the access point; and 

5 using the self-distributed key to generate the authentication information and to 

6 decrypt the encrypted channel key. 

1 28. The computer-readable medium of claim 27, wherein the security algorithm is 

2 formulated as g n mod p and having further instructions comprising: 

3 obtaining integers y 9 g and p to generate the first value Y = g y mod p\ and 
1 setting z equal to y 1 to calculate the self-distributed key k = X* mod p. 

1 29. The computer-readable medium of claim 26 having further instructions 

2 comprising: 

3 using a first key to generate the authentication information; and 

4 using a second key to decrypt the encrypted channel key. 
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30. The computer-readable medium of claim 29, wherein the first key is a public key 
of a public-private key pair for the access point, and the second key is a private key of a 
public-private key pair for the station. 



1. A computer-readable medium having stored thereon executable instruction to 



cause a processor to perform an access point method to secure a wireless network, the 
instructions comprising: 

sending a security preference in response to a request from a station; 

validating the station in response to receiving authentication information from the 

station; 

encrypting a channel key when the station is validated; 
sending the encrypted channel key to the station; and 
sending data encrypted with the channel key to the station. 

32. The computer-readable medium of claim 31 having further instructions 
comprising: 

generating a self-distributed key using a security algorithm when the security 
preference is shared key; 

generating a second value using the security algorithm and a first value in 
response to receiving the first value from the station; and 

sending the second value to the station. 
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1 33. The computer-readable medium of claim 32, wherein the security algorithm is 

2 formulated as g n mod p and having further instructions comprising: 

1 obtaining integers x, g and p to generate the self-distributed key k = g x mod p\ and 

2 generating the second value X = Y x mod p. 

1 34. The computer-readable medium of claim 31 having further instructions 

2 comprising: 

1 using a first key to evaluate the authentication information; and 

2 using a second key to encrypt the encrypted channel key. 

r\ 1 35. The computer-readable medium of claim 34, wherein the first key is a private key 

B 2 of a public-private key pair for the access point, and the second key is a public key of a 

n 

^ 3 public -private key pair for the station. 




A secure wireless network comprising: 



□ 2 an access point operable for receiving a connection request from a station through 

3 a setup connection, for validating authentication information sent by the station, and for 

4 connecting the station to the network through a channel secured with a shared channel 

5 key; and 

6 a station operable for sending the connection request to the access point, and for 

7 generating the authentication information to send to the access point. 
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1 37. The secure wireless network of claim 36, wherein the access point is further 

2 operable for sending a security preference specifying shared key to the station upon 

3 receiving the connection request, and the station is operable for sending the authentication 

4 information to the station upon receiving a security preference specifying shared key. 

1 38. The secure wireless network of claim 37, wherein the access point is further 

2 operable for encrypting the shared channel key using a self-distributed key for sending to 

3 the station and the station is further operable for decrypting the shared channel key upon 

4 receipt. 

1 39. The secure wireless network of claim 38, wherein the station and the access point 

2 are further operable for calculating the self-distributed key by exchanging messages in 

3 accordance with the Hughes transmission protocol 

1 40. The secure wireless network of claim 36, wherein the station is further operable 

2 for using a first key to generate the authentication information and for using a second key 

3 to decrypt an encrypted shared channel key received from the access point, and the access 

4 point is further operable for using a third key to evaluate the authentication information 

5 and for using a fourth key to encrypt the shared channel key for sending to the station. 

1 41. The secure wireless network of claim 40, wherein the first and third keys are 

2 public and private keys, respectively, for the access point, and the second and fourth keys 

3 are private and public keys, respectively, for the station. 
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^2. A computer-readable medium having stored thereon a message data structure for a 
secure wireless network comprising: 

a station address field containing data representing an identifier for a station that 
exchanges messages with an access point on the secure wireless network; 

a transaction sequence number field containing data representing a sequence 
number for a message exchanged between the station identified by the station address 
field and the access point; 

an authentication algorithm field containing data representing an identifier for a 
protocol used by the access point to validate the station identified by the station address 
field based on a name and password for the station; and 

a dependent information field containing data required to connect the station 

identified by the station address field to the secure wireless network. 

O 

; . 

1=0 1 43. The computer-readable medium of claim 42, wherein the data in the dependent 

B 2 information field represents key information for encrypting the name and password for 

3 the station identified by the station address field. 

1 44. The computer-readable medium of claim 42, wherein the data in the dependent 

2 information field represents an encrypted name and password for the station identified by 

3 the station address field. 
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45. The computer-readable medium of claim 42, wherein the data in the dependent 
information field represents an encrypted channel key used to connect the station 
identified by the station address field to the secure wireless network. 
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